CVE-2017-9538

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.

Published : 2017-10-03 01:29 Updated : 2018-10-09 20:01

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Solarwinds Network Performance Monitor 12.0.15300.90 cpe:/a:solarwinds:network_performance_monitor:12.0.15300.90
  1. Solarwinds (1) Search CVE
    1. Network Performance Monitor (1) Search CVE
      1. 12.0.15300.90

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-10-09 20:01
2017-11-02 16:36
2017-10-04 05:30
2017-10-03 01:29

New CVE